I need to create a ssl cert for our exchange 2007 server. we currently use a go daddy cert for owa. what is the process to create a new ssl cert for our tls but not to affect the ssl cert for owa. below is the event log Microsoft Exchange couldn't find a certificate that contains the domain name mailsrv1.cei.local.com in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector archiving with a FQDN parameter of mailsrv1.abc.local If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.

Check out:http://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=Exchange&ProdVer=8.0&EvtID=12014&EvtSrc=MSExchangeTransport

SELF SSL wil be installed by default @ the time of installation. make sure you have not removed the same. by running Get-exchangecertificate | fl If you really want to rely on self SSL for SMTP also read out the below limitation of same. Limitations of the Self-Signed Certificate The following list describes some limitations of the self-signed certificate. Expiration Date: The self-signed certificate expires 12months after Exchange2007 is installed. When the certificate expires, a new self-signed certificate must be manually generated by using the New-ExchangeCertificate cmdlet. Outlook Anywhere: The self-signed certificate cannot be used with OutlookAnywhere. We recommend that you obtain a certificate from aWindowsPKI or a trusted commercial third party if you will be using Outlook Anywhere. ExchangeActiveSync: The self-signed certificate cannot be used to encrypt communications betweenMicrosoftExchangeActiveSyncdevices and the Exchangeserver. We recommend that you obtain a certificate from aWindows PKI or a trusted commercial third party for use with ExchangeActiveSync. OutlookWebAccess: MicrosoftOutlookWebAccessusers will receive a prompt informing them that the certificate being used to help secureOutlookWebAccessis not trusted. This error occurs because the certificate is not signed by an authority that the client trusts. Users will be able to ignore the prompt and use the self-signed certificate for OutlookWebAccess. However, we recommend that you obtain a certificate from aWindowsPKI or a trusted commercial third party. http://technet.microsoft.com/en-us/library/bb851554.aspx How to rectify the below error please read the below http://support.microsoft.com/kb/555855 Vinod |CCNA|MCSE 2003 +Messaging|MCTS|ITIL V3|